Configuring SEAL Elastic Stack via Script


Elasticsearch uses different indices for the log, statistics, audit and accounting data of PLOSSYS 5.

For easyPRIMA you only need to configure audit data in Kibana.

For the different indices you can configure the housekeeping in Elasticsearch (Index Lifecycle Management, ILM).

If you prefer to proceed manually in the Kibana user interface, you will find the step-by-step instructions in Configuring SEAL Elastic Stack by Hand.

Hint - common index patterns for audit indices

The load-config script does not include the configuration of a common index pattern for audit indices of PLOSSYS 5 and easyPRIMA.

For details on this, refer to Creating a Common Index Pattern for Audit Indices below.


The load-config Script

SEAL Elastic Stack provides the load-config script and several configuration files to create all necessary components for the housekeeping of the stored data of PLOSSYS 5 and easyPRIMA.

You will find the script in the following directory:

C:\Program Files\SEAL Systems\seal-kibana\configuration\load-config.ps1

You may use the load-config script in different operation modes:

  • Non-overwrite mode:

    The load-config script checks whether the specific index exists and adds only the settings that are missing.

  • Overwrite mode:

    The load-config script overwrites the settings.

Hint - Dashboards

Independent of the operation mode, the load-config script always overwrites the dashboard configurations to protect the consistency of the consecutive configurations.

Hint - Index Lifecycle Policies

Independent of the operation mode, the load-config script never overwrites the index lifecycle policies.

Hint - Usage

Execute the configuration script with the -h or -help option to get the usage.


Executing the Script

  1. Stop the seal-filebeat services on all PLOSSYS 5 servers to stop the data transfer to Elasticsearch:

    stop-service seal-filebeat
    
  2. By default, the configuration fits the installation of PLOSSYS 5 and easyPRIMA. If you need to modify the configuration, do this on the management server in the directory structure described in Configuring the Script below.

  3. In a PowerShell (Administrator) on the management server, start the load-config script for PLOSSYS 5:

    & "C:\Program Files\SEAL Systems\seal-kibana\configuration\load-config.ps1"
    
  4. Start the load-config script a second time for easyPRIMA, if required:

    & "C:\Program Files\SEAL Systems\seal-kibana\configuration\load-config.ps1" -c seal-easyprima
    
  5. Start the seal-filebeat services on all PLOSSYS 5 servers:

    start-service seal-filebeat
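
The five steps above as one run, written as an added example that is not part of SEAL Elastic Stack. It restarts seal-filebeat in a `finally` block so that log and audit shipping resumes even if load-config fails. The server names are placeholders, and PowerShell remoting to the PLOSSYS 5 servers is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of SEAL Elastic Stack. Run on the management server.
param(
    # Placeholder host names of the PLOSSYS 5 servers (assumption, replace with your own)
    [string[]]$PlossysServers = @('plossys-01.example.internal', 'plossys-02.example.internal'),
    # Also load the easyPRIMA configuration (step 4)
    [switch]$IncludeEasyPrima
)

$ErrorActionPreference = 'Stop'
$loadConfig = 'C:\Program Files\SEAL Systems\seal-kibana\configuration\load-config.ps1'
$started    = Get-Date
$stopped    = [System.Collections.Generic.List[string]]::new()

try {
    # Step 1: stop the shippers and remember which ones were actually stopped
    foreach ($server in $PlossysServers) {
        Invoke-Command -ComputerName $server -ScriptBlock { Stop-Service -Name seal-filebeat }
        $stopped.Add($server)
    }

    # Steps 3 and 4: the call operator (&) is needed because the path contains spaces
    & $loadConfig
    if ($IncludeEasyPrima) { & $loadConfig -c seal-easyprima }
}
finally {
    # Step 5: always restart the shippers, even if load-config failed
    foreach ($server in $stopped) {
        try {
            Invoke-Command -ComputerName $server -ScriptBlock { Start-Service -Name seal-filebeat }
        }
        catch {
            Write-Warning "seal-filebeat not restarted on ${server}: $($_.Exception.Message)"
        }
    }

    # Show log files written during this run (log directory as documented on this page)
    $logDir = Join-Path $env:TEMP 'log'
    if (Test-Path -LiteralPath $logDir) {
        Get-ChildItem -LiteralPath $logDir -File |
            Where-Object { $_.LastWriteTime -ge $started } |
            Select-Object FullName, LastWriteTime, Length
    }
}
```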
    

Configuring the Script

The load-config script scans the directories stated below for JSON files and uses their content for the configuration of the different components of SEAL Elastic Stack.

If a JSON file or a subdirectory does not exist, the load-config script skips the configuration of the corresponding component:

C:\Program Files\SEAL Systems\seal-kibana\configuration\<product_name>

The subdirectories in the product-specific directories contain the JSON files for the different components:

  • index: Elasticsearch index

  • index-lifecycle-policy: Housekeeping of the data in the specific index

  • index-pattern: Index patterns for accessing the data stored in the specific index

  • index-template: Template used when creating the index

The JSON files in the component-specific directories are named according to the data type that is to be configured:

  • accounting.json

  • audit.json

  • log.json

  • statistics.json

The following subdirectories in the product-specific directories contain JSON files used to adjust preconfigured dashboards of Kibana:

  • dashboard: Dashboard to visualize the log data of PLOSSYS 5

Example - configuration directory contained in SEAL Elastic Stack 7.16.0.53

Configuration Directory of Kibana
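
Because load-config skips a component when its JSON file or subdirectory is missing, a read-only check of the directory tree before the run shows which components will be configured. The following is an added example, not part of SEAL Elastic Stack. The `-ProductName` parameter is hypothetical and is assumed to be the name of the `<product_name>` directory.

```powershell
# Added example, not part of SEAL Elastic Stack: read-only check of the configuration tree.
param(
    # Name of the <product_name> directory (assumed to match the value passed to -c)
    [Parameter(Mandatory)]
    [string]$ProductName,
    [string]$ConfigRoot = 'C:\Program Files\SEAL Systems\seal-kibana\configuration'
)

function Test-JsonFile([string]$Path) {
    # Returns 'ok' or the parser error for one file
    try {
        Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json -ErrorAction Stop | Out-Null
        'ok'
    }
    catch { "invalid JSON: $($_.Exception.Message)" }
}

$productDir = Join-Path $ConfigRoot $ProductName
if (-not (Test-Path -LiteralPath $productDir -PathType Container)) {
    throw "Product directory not found: $productDir"
}

$components = 'index', 'index-lifecycle-policy', 'index-pattern', 'index-template'
$dataTypes  = 'accounting', 'audit', 'log', 'statistics'

$report = @(foreach ($component in $components) {
    foreach ($type in $dataTypes) {
        $file   = Join-Path (Join-Path $productDir $component) "$type.json"
        $status = 'missing, component will be skipped'
        if (Test-Path -LiteralPath $file -PathType Leaf) { $status = Test-JsonFile $file }
        [pscustomobject]@{ Component = $component; File = "$type.json"; Status = $status }
    }
})

# Dashboard file names are not listed on this page, so check every JSON file present
$dashboardDir = Join-Path $productDir 'dashboard'
if (Test-Path -LiteralPath $dashboardDir -PathType Container) {
    $report += @(foreach ($f in Get-ChildItem -LiteralPath $dashboardDir -Filter *.json -File) {
        [pscustomobject]@{ Component = 'dashboard'; File = $f.Name; Status = Test-JsonFile $f.FullName }
    })
}

$report | Format-Table -AutoSize
```

A missing `index-lifecycle-policy\audit.json` row is the one to look at first, since it means no housekeeping policy will be created for the audit index.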


Backup Files

Before changing existing settings, the load-config script saves the corresponding original files in the following directory:

$HOME/tmp/backup

Log File of the Script

The load-config script logs its own error messages in a log file in the following directory:

$env:TEMP/log

Creating a Common Index Pattern for Audit Indices

The audit data of PLOSSYS 5 are stored in the seal-plossys-5-audit index. The audit data of easyPRIMA are stored in the seal-easyprima-audit index.

You can create a common index pattern, e.g. seal-*-audit, to access the audit data of both products at the same time:

  1. In the Kibana section, change to Index Patterns and click Create index pattern.

    Create Common Audit Index Pattern

  2. In Index pattern name, enter seal-*-audit and click Next step:

    Select the Audit Indices

  3. In the list of available fields to refresh the data, select @timestamp and click Create index pattern:

    Set Field for Refresh

    Optionally, click Show advanced settings, enter seal-*-audit as Custom index pattern ID and click Create index pattern:

    Set Custom Index Pattern ID

  4. Select the seal-*-audit index pattern and configure the view:

    Select Common Audit Index Pattern


Indices for PLOSSYS 5

In some cases you need to adjust PLOSSYS 5 environment variables, e.g. if you use a Kibana workspace.

In the PLOSSYS 5 system, the indices used in Elasticsearch for the log and statistics data of PLOSSYS 5 are specified in the following keys:

  • ELASTICSEARCH_INDEX_LOG

  • ELASTICSEARCH_INDEX_STATISTICS

For details on the environment variables, refer to PLOSSYS 5.
